Settings to Change Cloud Location

Add configuration option to allow user to select a “national cloud” to login against. Adjust methods to use the new settings. Update tests to cover the new and updated code.

src/main/java/org/almrangers/auth/aad/AadSettings.java

@@ -44,6 +44,11 @@ public class AadSettings {
   protected static final String ENABLED = "sonar.auth.aad.enabled";
   protected static final String ALLOW_USERS_TO_SIGN_UP = "sonar.auth.aad.allowUsersToSignUp";
   protected static final String TENANT_ID = "sonar.auth.aad.tenantId";
+  protected static final String DIRECTORY_LOCATION = "sonar.auth.aad.directoryLocation";
+  protected static final String DIRECTORY_LOC_GLOBAL = "Azure AD (Global)";
+  protected static final String DIRECTORY_LOC_USGOV = "Azure AD for US Government";
+  protected static final String DIRECTORY_LOC_DE = "Azure AD for Germany";
+  protected static final String DIRECTORY_LOC_CN = "Azure AD China";
   protected static final String ENABLE_GROUPS_SYNC = "sonar.auth.aad.enableGroupsSync";
   protected static final String LOGIN_STRATEGY = "sonar.auth.aad.loginStrategy";
   protected static final String LOGIN_STRATEGY_UNIQUE = "Unique";
@@ -55,12 +60,18 @@ public class AadSettings {
   protected static final String SUBCATEGORY = "Authentication";
   protected static final String GROUPSYNCSUBCATEGORY = "Groups Synchronization";
 
-  protected static final String ROOT_URL = "https://login.microsoftonline.com";
+  protected static final String LOGIN_URL = "https://login.microsoftonline.com";
+  protected static final String LOGIN_URL_USGOV = "https://login.microsoftonline.us";
+  protected static final String LOGIN_URL_DE = "https://login.microsoftonline.de";
+  protected static final String LOGIN_URL_CN = "https://login.chinacloudapi.cn";
   protected static final String AUTHORIZATION_URL = "oauth2/authorize";
   protected static final String AUTHORITY_URL = "oauth2/token";
   protected static final String COMMON_URL = "common";
-  protected static final String SECURE_RESOURCE_URL = "https://graph.microsoft.com";
 
+  protected static final String GRAPH_URL = "https://graph.microsoft.com";
+  protected static final String GRAPH_URL_USGOV = "https://graph.microsoft.com";
+  protected static final String GRAPH_URL_DE = "https://graph.microsoft.de";
+  protected static final String GRAPH_URL_CN = "https://microsoftgraph.chinacloudapi.cn";
   protected static final String AUTH_REQUEST_FORMAT = "%s?client_id=%s&response_type=code&redirect_uri=%s&state=%s&scope=openid";
   protected static final String GROUPS_REQUEST_FORMAT = "/v1.0/%s/users/%s/memberOf";
 
@@ -132,14 +143,24 @@ public static List<PropertyDefinition> definitions() {
         .options(LOGIN_STRATEGY_UNIQUE, LOGIN_STRATEGY_PROVIDER_ID)
         .index(7)
         .build(),
+      PropertyDefinition.builder(DIRECTORY_LOCATION)
+        .name("Directory Location")
+        .description("The location of the Azure installation. You normally won't need to change this.")
+        .category(CATEGORY)
+        .subCategory(SUBCATEGORY)
+        .type(SINGLE_SELECT_LIST)
+        .defaultValue(DIRECTORY_LOC_GLOBAL)
+        .options(DIRECTORY_LOC_GLOBAL, DIRECTORY_LOC_USGOV, DIRECTORY_LOC_DE, DIRECTORY_LOC_CN)
+        .index(8)
+        .build(),
       PropertyDefinition.builder(ENABLE_GROUPS_SYNC)
         .name("Enable Groups Synchronization")
         .description("Enable groups synchronization from Azure AD to SonarQube, For each Azure AD group user belongs to, the user will be associated to a group with the same name(if it exists) in SonarQube.")
         .category(CATEGORY)
         .subCategory(GROUPSYNCSUBCATEGORY)
         .type(BOOLEAN)
         .defaultValue(valueOf(false))
-        .index(8)
+        .index(9)
         .build()
 
     );
@@ -181,16 +202,50 @@ private String getEndpoint() {
     }
   }
 
+  private String getLoginHost() {
+    String directoryLocation = settings.getString(DIRECTORY_LOCATION);
+
+    switch (directoryLocation) {
+      case DIRECTORY_LOC_USGOV:
+        return LOGIN_URL_USGOV;
+
+      case DIRECTORY_LOC_DE:
+        return LOGIN_URL_DE;
+
+      case DIRECTORY_LOC_CN:
+        return LOGIN_URL_CN;
+
+      case DIRECTORY_LOC_GLOBAL:
+      default:
+        return LOGIN_URL;
+    }
+  }
+
   public String authorizationUrl() {
-    return String.format("%s/%s/%s", ROOT_URL, getEndpoint(), AUTHORIZATION_URL);
+    return String.format("%s/%s/%s", getLoginHost(), getEndpoint(), AUTHORIZATION_URL);
   }
 
   public String authorityUrl() {
-    return String.format("%s/%s/%s", ROOT_URL, getEndpoint(), AUTHORITY_URL);
+    return String.format("%s/%s/%s", getLoginHost(), getEndpoint(), AUTHORITY_URL);
   }
 
   public String getGraphURL() {
-    return SECURE_RESOURCE_URL;
+    String directoryLocation = settings.getString(DIRECTORY_LOCATION);
+
+    switch (directoryLocation) {
+      case DIRECTORY_LOC_USGOV:
+        return GRAPH_URL_USGOV;
+
+      case DIRECTORY_LOC_DE:
+        return GRAPH_URL_DE;
+
+      case DIRECTORY_LOC_CN:
+        return GRAPH_URL_CN;
+
+      case DIRECTORY_LOC_GLOBAL:
+      default:
+        return GRAPH_URL;
+    }
   }
 
   public String getGraphMembershipUrl() {

src/test/java/org/almrangers/auth/aad/AadIdentityProviderTest.java

@@ -128,6 +128,7 @@ private void setSettings(boolean enabled) {
       settings.setProperty("sonar.auth.aad.clientId.secured", "id");
       settings.setProperty("sonar.auth.aad.clientSecret.secured", "secret");
       settings.setProperty("sonar.auth.aad.loginStrategy", AadSettings.LOGIN_STRATEGY_DEFAULT_VALUE);
+      settings.setProperty("sonar.auth.aad.directoryLocation", AadSettings.DIRECTORY_LOC_GLOBAL);
       settings.setProperty("sonar.auth.aad.enabled", true);
     } else {
       settings.setProperty("sonar.auth.aad.enabled", false);

src/test/java/org/almrangers/auth/aad/AadSettingsTest.java

@@ -31,7 +31,7 @@
 import org.sonar.api.config.Settings;
 import org.sonar.api.config.internal.MapSettings;
 
-import static org.almrangers.auth.aad.AadSettings.LOGIN_STRATEGY_DEFAULT_VALUE;
+import static org.almrangers.auth.aad.AadSettings.*;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class AadSettingsTest {
@@ -65,6 +65,29 @@ public void return_authorization_url_for_multi_tenant_azureAd_app() {
     assertThat(underTest.authorizationUrl()).isEqualTo("https://login.microsoftonline.com/common/oauth2/authorize");
   }
 
+  @Test
+  public void return_correct_urls() {
+    //Azure Default "Global"
+    settings.setProperty("sonar.auth.aad.directoryLocation", DIRECTORY_LOC_GLOBAL);
+    assertThat(underTest.authorizationUrl().startsWith("https://login.microsoftonline.com"));
+    assertThat(underTest.getGraphURL().startsWith("https://graph.microsoft.com"));
+
+    //Azure US Gov
+    settings.setProperty("sonar.auth.aad.directoryLocation", DIRECTORY_LOC_USGOV);
+    assertThat(underTest.authorizationUrl().startsWith("https://login.microsoftonline.us"));
+    assertThat(underTest.getGraphURL().startsWith("https://graph.microsoft.com"));
+
+    //Azure Germany
+    settings.setProperty("sonar.auth.aad.directoryLocation", DIRECTORY_LOC_DE);
+    assertThat(underTest.authorizationUrl().startsWith("https://login.microsoftonline.de"));
+    assertThat(underTest.getGraphURL().startsWith("https://graph.microsoft.de"));
+
+    //Azure China
+    settings.setProperty("sonar.auth.aad.directoryLocation", DIRECTORY_LOC_CN);
+    assertThat(underTest.authorizationUrl().startsWith("https://login.chinacloudapi.cn"));
+    assertThat(underTest.getGraphURL().startsWith("https://microsoftgraph.chinacloudapi.cn"));
+  }
+
   @Test
   public void is_enabled_always_return_false_when_client_id_is_null() {
     settings.setProperty("sonar.auth.aad.enabled", true);
@@ -113,7 +136,7 @@ public void allow_users_to_sign_up() {
 
   @Test
   public void definitions() {
-    assertThat(AadSettings.definitions()).hasSize(8);
+    assertThat(AadSettings.definitions()).hasSize(9);
   }
 
 }

src/test/java/org/almrangers/auth/aad/AuthAadPluginTest.java

@@ -35,7 +35,7 @@ public class AuthAadPluginTest {
 
   @Test
   public void test_extensions() {
-    assertThat(underTest.getExtensions()).hasSize(10);
+    assertThat(underTest.getExtensions()).hasSize(11);
   }
 
 }